Active Sync fails after Forms Based Auth enabled.

Posted on 2007-10-01
Last Modified: 2008-01-09
Active Sync fails after Forms Based Auth enabled. I had this working properly with SSL and was able to sync mail with no problems. Now, when I use "https://servername/OMA" I get:

A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.

I also get the following errors in the App Event Viewer:

EventID: 1501
No user credentials were found in the HTTP request. To fix this problem, do the following: Verify that Anonymous access is turned off on the Outlook(R) Mobile Access virtual directory in Internet Information Services. Also, verify that the Outlook(R) Mobile Access virtual directory is set to require authentication on every request.

(I verified the above security settings)

EventID: 1501
An unknown error occurred while processing the current request:
Message: Object reference not set to an instance of an object.
Source: Microsoft.Exchange.OMA.UserInterface
Stack trace:
   at Microsoft.Exchange.OMA.UserInterface.Global.Application_PreRequestHandlerExecute(Object sender, EventArgs e)
   at System.Web.SyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

I have attemped the follow this process (Step 2) to resolve the issue with no success:
Question by:jefferybush
    LVL 12

    Expert Comment

    Try the steps here to configure ActiveSync:

    LVL 104

    Expert Comment

    When you made the changes in 817379 did you turn off FBA first?
    If not then you brought across the problem.
    My usual method for fixing this is here:

    However the error you have given is not what I would expect from FBA. That is an authentication account failure, not authentication type failure.
    Ensure that anonymous is not enabled on the /oma, /exchange or /microsoft-server-activesync virtual directories in IIS manager.

    LVL 1

    Author Comment

    Thanks, weareit and Sembee.

    I used Sembee's process and have both OMA and OWA working without SSL. I don't want ot break this again but would like to enable SSL on ActiveSync and OWA, then apply Forms Based on OWA.

    I currently have the following virtuals set to "Basic Auth Only" with nothing else selected:


    The following with both Basic and Integrated Windows Auth:


    I have not yet enabled HTTP Forms Based in ESM. I had all this working before I enabled FBA, then it all went to heck in a handbasket.

    LVL 104

    Accepted Solution

    You don't enable or disable SSL on a per directory basis. It is either on the site or it is not. The setting you think enables SSL actually enforces it, which is something different.
    Enabling FBA should not break things, so I would suggest that you enable that.

    /exchweb should not have basic and integrated authentication enabled, it should have anonymous ONLY enabled.

    Have you tested OMA and EAS in the current configuration? The /exchange-oma directory should have integrated authentication enabled on it as well. That is why you have to do this - because FBA disabled the support for NTLM/Integrated authentication.

    LVL 1

    Author Comment

    Thanks, Sembee! She's pretty much fixed up....I have another problem with an SBS 2003 OMA but I'll put that in a different post.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do email signature updates give you a headache?

    Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

    Suggested Solutions

    Email statistics and Mailbox database quotas You might have an interest in attaining information such as mailbox details, mailbox statistics and mailbox database details from Exchange server. At that point, knowing how to retrieve this information …
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now